A military perspective on cyber security

A Military Perspective on Cyber Security
“Not a Paradigm Shift, Just a Tactical Approach”
Joey Hernandez CISSP

Topic
Background
The Change
Center of Gravity Rings
Principles of War
Contested Commons
Your Turn

Background
Elevated age in cyber warfare
Malware has become focused
SCADA Systems (Stuxnet)
Malware performs Operational Preparation of the Environment (OPE)
Conficker (Millions still infected)
Ransomeware
Data is being held hostage
The advanced capability of the threat has increased the risk.
Understanding the risk allows employment of defensive measures to decrease the risk – “Risk will always be present”

The Change
Combined capabilities have helped attackers create weapon systems
Soldier +Rifle + Bullets =(This is a weapon systems)
Cyber
State Sponsored, Script Kiddies, Paid Staff
Laptop, Desktop, Mobile devices
Metasploit, Backtrak, PoisonIvy, Mpack, other RAT
Hacker + Laptop + Metasploit = Weapon System
Attackers, Adversaries, Cyber terrorist are now employing TTP

Wardens Rings
The focus to attack Centers of Gravity
The Estonian attack/s
Utilized TTP
Rings
Leadership (Defaced Ministry of Defense, Finance, etc)
Organic/System Essentials
Infrastructure (DDoS against ISP and Wardialing to lock up POTS network)
Population (News Media)
Fielded Military Forces
Inside Out Attack Methodology For Kinetic Warfare

Cyber
Population attacks cascade the ring
System essential attacks on services eg. Supply Chain, Food, FedEx ; feeds the rings in both direction
Infrastructure attacks feed the ring both directions
Leadership focus elevates the nature of the actions
“Defense measures must ensure protection of systems first and population foremost”

Countering Principles of War
Raising perceptions of attacks guarantee elevated perspective.
Proactive approaches to provide defense in depth reduces risk to all Centers of Gravity
NOT immediately achievable, requires buy-in

Principle 1
Objective: Direct every operation towards a clearly defined, decisive, and attainable objective.
Security
Create policy & Directives that are concise, fed from leadership and enhances current capabilities.
Defense
Institutionalize SOP creating a path to obtainable objectives

Principle 2
Offensive: Seize, retain, and exploit the initiative
Cyber Security personnel must have all tools required to respond to incidents or events when presented enabling decisive results
Immediate knowledge of events through proactive
Proactive research
International teams of trust
Reverse engineering of “current” malicious code
Pentesting with seized exploits ensure preparedness
Exercise routinely against new threats
Exploitation allows establishing opstempo for defensive and counter operations.

Principle 3
Economy of Force: Allocate minimum essential combat power to secondary efforts.
Cyber Security staff should only be allocated tasks relating to protection of grid and its associated systems
Minimize external tasks not associated to Cyber Security
“Employ” others to do: password resets, maintenance, and support
Discriminate whenever possible!
Indentify and prioritize cyber assets and assign coverage accordingly

Principle 4
Mass: Concentrate combat power at the decisive place and time.
Sustain with technology, resolve with Mass – Use Crisis action teams, leverage distributed knowledge
“Get there first with the most”.
The dynamic nature of Cyber Space allows you to employ mass globally with centralized control
Convene and delegate
Ensure communication is continuous
If possible (Make possible) Disarm the attacker
Block/Mitigate adversaries ability to maneuver, virtual arm bar
Remain focused on protection

Principle 5
Surprise: Strike the enemy at a time, place, or manner for which they are unprepared.
Always expect it!
Trust but verify – If the network is quiet lower thresholds, to find hidden traffic
Utilize time to influence out of the box operating procedures and TTP to develop
Always expect it!

Principle 6
Maneuver: Place the enemy in a position of disadvantage through flexible application of combat power
Gain an advantage in positioning by training, certifying defense crews
Exercising as a team places the adversary in a position of disadvantage
Train as a group to flexibly protect, respond, and mitigate attacks
Leverage internal and external trusted SME capabilities

Principle 7
Unity of Command: For every objective, ensure unity of effort under one responsible commander.
A single leader should provide direction and coordination for crews ensuring comprehensive objectives.
Alignment facilitates communication for mission/common objective
Each task presented should have ownership and custodial characteristics for members of the crew
Ideas & Solutions
Preferred collective
Collective not required

Principle 8
Security:Never permit the enemy to acquire an unexpected advantage.
Protect and preserve defense measures, procedures and capabilities from the eyes of the adversary.
Security exertion minimizes attack vectors
Understand the capabilities and limiting factors of your people – “provides for a clearer situational awareness”

Principle 9
Simplicity: Prepare clear, uncomplicated plans concise orders to ensure thorough understanding.
Concise Plans and Orders minimize the chance for mistakes.
Degree of operational simplicity results from from experience, training, empowerment and institutionalized processes.
Simplicity in Cyber Operations - is an Art of Balance
Open lines of communication Local & Global support simplicity

Contested Commons
It is Global: Maritime, Air, Space, Cyber
Relied upon for business globalization
More nations, organizations, economies at risk
Rapid capability development, sluggish legal and global agreement on how to “Address Cyber Attacks”
Russia & China created No CY Zones
Some believe there is “No Cyber War”
Ask Estonia, Brazil, Canada, South Africa, Malaysia

Your Turn
Train & Exercise your crews as a team
Open lines of communication
Think strategically, act locally
Be proactive, make quick fixes, and best practice into TTP
Be paranoid, suspicious and know your adversaries
Build your trusted crisis network
Plan for events
Clear the fog

A military perspective on cyber security

by Joey Hernandez

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 13

Statistics

A military perspective on cyber security Presentation Transcript